The company Malalan d.o.o., Mestni trg 21, 1000 Ljubljana, Slovenia (hereinafter: Malalan or “we”), as the personal data controller, strives to protect and respect your privacy and your rights in the processing of your personal data. We take the security of your personal data seriously and thus guarantee that we abide by all applicable data protection regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of Individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “GDPR”).
Terms and concepts used in this Policy (e.g. “personal data”, “processing”, “collection”, etc.) have the same meaning as is defined in Article 4 of GDPR, unless otherwise specified in this Policy.
The Policy includes the following information:
- Which data we collect;
- On which basis and for which purpose we collect them;
- The retention time of individual types of personal data;
- The rights of Individuals connected to the processing of personal data;
- Contact details of the person responsible for data protection.
2. DATA WE PROCESS
Personal data is collected for the needs of implementing our services, performing contractual or legal agreements, for the protection of our interests, and the interests of Individuals, for informing about promotions and marketing activities, and for raising the quality of our services.
Unless otherwise specified, we collect primarily the following data:
Contact information (name, address, e-mail, telephone number, etc.), which you provide us with for the needs of fulfilling your order, preparing an offer, or when you get in touch with us in any other manner.
We acquire or you provide us with such data primarily:
◦ in on-line forms completed on our website,
◦ by completing forms on paper,
◦ upon concluding a contract with us,
◦ through correspondence over e-mail or mail, telephone, on-line forms, forums, etc.
Other information which you provide simultaneously with your consent to their processing (data about your interests, photos, personal description, etc.)
We acquire or you provide us with such data primarily:
◦ in on-line forms completed on our website,
◦ by completing forms on paper,
◦ through correspondence over e-mail or mail, telephone, on-line forms, forums, etc.
Data about transactions (debit or credit card information, bank account, tax ID number, content of the purchase or the subject of the contract, etc.) which we need for the completion of the order or other obligations
We acquire or you provide us with such data primarily:
◦ by completing forms on paper,
◦ upon the conclusion of a contract with us,
◦ upon on-line payment.
Information about access to websites and user data (hereon: access data), which are processed for protection, control over functioning, and improvement of our websites or network, protection against abuse or fraud, and meeting other obligations, include primarily: internet protocol (IP) address, which is used for the connection of your computer to the internet, sign-in data (user name, password), browser type and version, time zone setting, type and version of browser add-ons, operating system and platform, device information, mobile phone type you use, unique device identifier (e.g. IMEI device number, the MAC address of the device's wireless network interface or mobile phone number used by the device), your mobile network information, time zone setting in the device, information about your visit (arrival at our website, behaviour on the website, and departure, services you looked at or searched for, page response time, transmission errors, viewing time of a specific page, information about page interactions, such as moving, clicking, and controlling the mouse, including date and time).
We acquire such data or you provide it to us especially when you access our websites.
2.1. ACCESS DATA
Cookies and similar technologies
Cookies are small files saved by a browser on your device into a folder, specifically defined for this purpose. Saved cookies can be used e.g. to determine whether you have already visited a specific website, to acquaint ourselves with the activities and browsing patterns of visitors, which with the help of the IP address (number of the address of the device connected to the internet) or account data you provide us with upon registration can enable the identification of an Individual. The majority of browsers accept cookies automatically, yet you can change the settings of your browser by disabling the saving of cookies or by demanding your explicit permission for any kind of saving of cookies. Saved cookies can be deleted at any time. Please note that disabling cookies could limit or disable the use of our website or its parts.
We use session status cookies and persistent cookies. Session cookies expire when you log out of your account or close your browser. Persistent cookies stay on your computer or mobile device until you delete them or they expire in any other manner.
We also use other technologies similar to cookies. With the help of so-called pixels, we can download data from your device, such as the type of the device or operating system, the IP address, and time of visit. They are also used for installing and reading cookies in your browser. Tracking URLs are used to determine the website which directed you to our website or to determine the app used.
Types of information we collect with cookies and similar technologies include: the IP address; the device’s ID; websites visited; the browser type; information on browsing; operating system; the internet provider; the time stamp; information on whether you responded to an ad; the URL from which you accessed our website; options you used or activities you did on our website.
Technical (procedural) cookies: Technical cookies are used for the display and proper functioning of a website; and also for you to be able to create a user account, sign in, and edit your orders. Therefore, technical cookies are necessary for the proper functioning of our website.
Analytical cookies: These cookies are used to see how visitors use our website. We can determine how the website functions and how successful the ads and notifications are. Data we collect can include websites you visited, which websites you entered from and which you exited to, your operating system or platform, including the time stamp for individual actions. These cookies, for example, enable the storing of information about the number of clicks on a particular page, mouse movements and scrolls on the page, keyword search, etc. Analytical cookies are used as part of our on-line advertising to learn how visitors use our webpage after they were shown an on-line ad or notification. They can include ads from third persons.
Advertising cookies: Cookies of third persons and our own cookies are used to show ads on our own website and other websites. This is called “re-targeting” and is based on the search history, such as products or services you searched for or looked at and the prices shown.
Thus, cookies are needed for the following purposes:
- To estimate the volume and patterns of visitors and the way they use our website;
- Improvement of the safety and functioning of the website;
- Storing data about your browser settings, which enables us to adjust our website to your interests;
- Speeding up the search;
- Identification of an Individual when one returns to our website, which improves the user experience.
You can prevent the storing of cookies on your device by selecting the option of blocking or disabling cookies in your browser settings.
2.1.1. DATA GATHERED THROUGH EXTERNAL PROVIDERS
We contractually collaborate with external service providers (contractual partners), who help us understand the use of our website better. With the help of cookies and other similar technology, our contractual partners can gather data about your use of our website, necessary for analysis about the use of our website (how visitors navigate through our website, which products they look at, general information about transactions). Information and analyses provided by our contractual partners will be used as help in understanding the interests of visitors of our website and for security, technical, and content improvements to the website. In the processing of data received on our website, our contractual partners are limited by the contract and can use this data solely for the purpose of analysing the use of our website based on our instruction.
Individuals who do not want the data about their visit to our website to be shown in the report of Google Analytics can install a browser add-on to opt out of Google Analytics, available at: https://tools.google.com/dlpage/gaoptout.
The storing of cookies can also be prevented by the use of appropriate browser settings; however, this might prevent you from using all the functions of our website.
Additional information about Google and Google Analytics services are available at:
Google guarantees the appropriate level of personal data protection, since it is appropriately certified within the Privacy Shield EU-USA.
2.1.2. DATA TRANSMITTED TO THIRD PARTIES
Plug-ins are small programs widening the functionality of programs and consequently of our website.
All third parties, to which data is provided through plug-ins stated in the continuation, guarantee the appropriate level of personal data protection, since they are certified within the Privacy Shield EU-USA, or data is processed within the EU member states.
Our website uses plugins of the social network Facebook, administered by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (hereon: Facebook). Plug-ins are marked by the Facebook logo or “Facebook plugin for social network” or “Social Plugin” additions. An overview of Facebook plugins and their appearance can be found at:
When you visit our website that includes such a plugin, your browser establishes a direct connection with Facebook servers. Facebook downloads the content of the plugin directly onto your browser and incorporates it into the website. With this inclusion, Facebook receives the information that your browser has retrieved the correct page of our website, even if you do not have a Facebook profile or are not signed in to your Facebook profile at the moment of use. Your browser sends this information (including your IP address) to the Facebook server in the USA and stores it there.
When you use a plugin, are signed in to your Facebook profile, and when you, e.g., click “Like” or write a comment, this information is also transferred directly to Facebook’s server, where it is stored. Information is also published on your Facebook profile where your Facebook friends can see it.
More about the purpose and scope of data gathering and their further processing and use on Facebook, as well as about your rights and privacy protection setting options can be found in Facebook advice on data protection at:
When you do not want the data Facebook acquires from our website to be recorded and saved in your Facebook account, you must be logged out of your Facebook account prior to visiting our website. Downloading of the Facebook plugin can also be prevented by an appropriate software extension for your browser.
SIX Payment Services
We use software of the provider SIX Payment Services (SIX Payment Services, Hardturmstrasse 201, 8021 Zürich, Switzerland), which is the largest European provider of this type of services, for the processing of payments with debit and credit cards through our website. All confidential data are encoded, while in the context of collaboration, SIX Payments functions as the “data controller” and “payment processor” simultaneously. The SIX Payments company is licenced as a payment institution, which legally binds them to process certain data based on credit card operations. The SIX Payments payment system functions in accordance with the PCI-DSS (Payment Card Industry Data Security Standard) standard.
We use the plugin of the provider SendInBlue for the requirements of subscribing for monthly news, their distribution and data collection about the effectiveness of such activities by Malalan d.o.o. Data you enter into forms for inquiries and/or when you sign up for monthly news is stored and processed with the software of the mentioned provider. Your data is under no circumstances transferred, lent, given or sold to third persons.
You can subscribe or unsubscribe to news at any time: to subscribe, use one of the on-line forms, and to unsubscribe, click on the “Unsubscribe” button at the bottom of every e-mail.
For more information about the management of this data, you can send your questions to: firstname.lastname@example.org
3. LEGAL BASIS AND THE PURPOSE OF DATA COLLECTION
Your data is processed in accordance with the following GDPR provisions, depending on the basis on which they are acquired:
To fulfil our legal obligation – Article 6 (1) (c) of the GDPR - (data gathered based on binding regulations).
On the basis of explicit consent by an Individual for the processing of their personal data (hereon: Consent) - Article 6 (1) (a) of the GDPR - (data provided in on-line or written forms, e-mails, etc.);
For the needs of performing/fulfilling a contract on the Individual’s demand - Article 6 (1) (b) of the GDPR - (data related to services ordered by the Individual);
Based on legal interests - Article 6 (1) (f) of the GDPR (data on access);
3.2. The purpose of processing
Personal data will be collected only in the scope and for the purpose for which you provide us with data based on your consent, or in the scope and for the purpose necessary to fulfil our legal or contractual obligations or legal interest.
Personal data is used for:
- Performing contractual obligations, primarily to fulfil orders and other contracts,
- Direct marketing, including notifications about our products, services, and activities through different communication channels (website, social networks, SMS texts, e-mail, etc.) and sending offers via mail, e-mail, telephone or any other manner,
- Conducting market and customer satisfaction research,
- Profiling or segmenting, with the purpose to create personalised offers tailored to your preferences,
- Conducting prize games which include draws and publication of data about the winners and collection and processing of personal data acquired at promotional events,
- Preventing abuse or fraud and protection of property and data,
- Making claims or defence against various claims,
- Improvement of content and general quality and functionality of our websites and services.
3.2.1. Processing based on an individual’s consent
Personal data can be processed and stored based on your explicit consent, exclusively for the purposes for which you provided us with your consent, and especially for:
- All forms of direct marketing, i.e. to provide you with information about products or services you order or which we believe you could be interested in, such as notifications about changes on our websites, general conditions, implementation of new or changes to the existing services or products, special offers, prize games, and useful information about our services and products or other activities;
- The identification of an Individual;
- The preparation of a personalised offer of our services and products or an offer tailored to the Individual’s habits;
- The customer profile design (with the analysis and prediction of purchasing habits, Individuals’ behaviour, their preferences, interests, tastes, etc.);
- Ensuring the use of interactive functions of our website, participation in prize games, voting, etc., when you choose to do so.
Personal data acquired based on the Individual’s consent is processed only for the purpose for which the consent was given (e.g. to inform about marketing activities, to participate in prize games, etc.).
The provision of personal data is voluntary; however, the provision of data marked as obligatory on the forms is the condition for us to be able to fulfil your order, or our contractual obligations. If you do not wish to provide the data marked as obligatory for the execution of an individual purchase, you will not be able to use some of our services (e.g. make a purchase through our website, use product repair services, etc.).
For communication or informing Individuals, Malalan d.o.o. can use all data provided upon the giving of consent, e.g. e-mail address or postal address, SMS/MMS texts (to the provided telephone number), or any other manner chosen by an Individual upon giving consent.
Your personal data will not be transferred to third persons and will also not be processed by third persons, except when it is specifically defined by this Policy.
For the needs of fulfilling the order, your data (name, surname, address, telephone number, e-mail address, and other data necessary for the execution of the service, such as bank account number for the purpose of making a payment) will be provided to authorised third persons with whom we have concluded a contract about the processing of personal data and who perform certain tasks connected to personal data processing bound to fulfilling your order on our behalf and in our name (e.g. the purchased goods delivery contractor, the payment system provider, etc.).
For a minor, consent to data processing must be given by a parent or guardian. Such consent is valid until revoked or changed by the person who gave the consent, or by the minor when this right is acquired.
We cannot be held responsible for possible errors, disputes, or damage due to the provision of erroneous data.
The Individual to which personal data pertain can revoke, change, or limit his or her consent for the personal data processing at any time in the same manner as it was given.
The Individual can in any case send notice of the withdrawal or change of consent to: email@example.com, or to the address:
Mestni trg 21,
or personally deliver it to Draguljarna Malalan. The withdrawal or change of the consent pertains only to data processed on the basis of the consent.
In the continuation, the manner in which the consent can be given and the purpose of data processing are presented.
Consent upon registration on our website or online shop
“I allow Malalan d.o.o. to use and process my personal data stated above for the purposes of sending written information about their services and products, special offers, news, prize games, offers tailored to my preferences, and other marketing activities, as well as for the purpose of personal invitations to fashion shows, jewellery exhibitions, media or other events, and openings of new stores. I confirm that the provided data is accurate and current. Malalan d.o.o. can use my personal data until I revoke my consent.”
This consent is not a requirement for making a purchase at our shops or online shop.
3.2.2. Processing needed to fulfil obligations under contractual relationships
Personal data of Individuals are processed and stored for fulfilling obligations under contractual relationships, concluded on the Individual’s request, including the sale of products and services, especially for the following purposes:
Provision of your personal information is voluntary; however, the provision of data marked as obligatory in the forms or contracts is the condition for us to fulfil your order or our contractual obligations. If you do not wish to provide the personal data which are marked as necessary for making an individual purchase or it derives from the nature of the business or contract that without them the contract cannot be fulfilled, you will, unfortunately, not be able to make a purchase on our website or we will not be able to execute the contract.
For the needs of fulfilling the order your data (name, surname, address, telephone number, e-mail address, and other data necessary for the implementation of a service, such as bank account number for the purpose of making a payment) will be provided to authorised third persons with whom we have concluded a contract about the processing of personal data and who perform certain tasks connected to personal data processing bound to fulfilling your order on our behalf and in our name (e.g. the purchased goods delivery contractor, the payment system provider, etc.).
3.2.3. Processing based on legal interest
Data processing based on legal interests means our interest to perform our activities with quality and efficiency, while we guarantee the Individual safe operation and use of our services as well as a quality user experience in using our services (visits to the website, interaction with Malalan d.o.o., ordering, concluding contracts, etc.). Legal interest for the processing of personal data is represented by the need to prevent abuse, while the processing of personal data for direct marketing can be considered to be done in the legal interest, too. We guarantee that in the data processing based on our legal interest we process this data only in the scope that is absolutely necessary and with regard to the possible (both positive and negative) impact on Individuals and their rights. We do not process personal data when interests or fundamental rights and freedoms of an Individual prevail over our legal interest (except in the case of an Individual’s consent or when we are bound to process data by a special regulation).
In this sense we process personal data to:
- Prevent abuse and fraud, at the expense of website content, interests, and property of Malalan d.o.o. as well as the interests, property, and data of Individuals;
- Enforce claims or defence against claims in administrative, judicial, or extrajudicial proceedings;
- Improve the content and general quality and functionality of websites and execute our services.
To ensure security and prevent abuse, Malalan d.o.o. processes data about access which can be (if necessary) cross-referenced with other data in their database (name, surname, address, e-mail address, etc.), which enables re-identification of an Individual, all with the purpose to prevent illegal or malicious acts, such as unauthorised access to data (hacking), spreading of malicious codes, different attacks (on the operating system, servers, network connections, databases, etc.), fraud, etc., which could result in e.g. abuse, loss or alteration of data, non-functioning of services, or causing damage. For the prevention of possible fraud or abuse, data can be provided to competent state authorities or state services.
Malalan d.o.o. uses access data for the improvement of functioning and optimisation of their website and services.
3.2.4. Processing based on legal obligation
We also process personal data based on binding regulations or for the purpose of meeting our legal obligation originating from tax, labour law, and other regulations, i.e. for the purposes of preventing money laundering, fulfilling tax obligations, and other public interests.
Within its activity of trading in precious metals, Malalan d.o.o. is bound, on the basis of the Anti-Money Laundering and Terrorist Financing Act (hereinafter: ZPPDFT-1), to process an Individual’s data in terms of money laundering and terrorist financing prevention, including determining and checking an Individual’s identity and acquiring data about the purpose and intended nature of the business relationship or transaction. In transactions within the trade in precious metals, primarily the following data is acquired and processed:
- personal name,
- address of permanent or temporary residence,
- date and place of birth,
- tax ID number or personal identification number (EMŠO),
- number, type, and name of the issuer of the official identity document,
- political exposure.
The table below presents a description of all the ways in which your personal data can be used, as a summary of Article 3 of this Policy.
Keep in mind that your personal data can be processed based on several legal bases, depending on the purpose for which they are processed.
Reasons for data processing
- The interest to ensure quality services;
- Fulfilment of obligations derived from our activities, e.g. product sales, product repairs, trade in precious metals, providing information about our services, activities and products;
- To provide information about our products and services that might be of interest to you;
- To establish contact with a client (e.g. for the preparation of an appropriate offer);
- Consent or data provided by an Individual;
- Fight against abuse and fraud;
- Help with marketing and providing new products and services you are interested in;
- Abiding by binding regulations and legal obligations;
- Efficient meeting of our legal and contractual obligations;
- Checking for correctness of provided data (adequate age for the use of services, correct completion of the contract);
- Managing of websites, including troubleshooting, data analysis, testing, research, statistical and research purposes;
- Making certain that the content on our webpage is presented in the most effective manner possible for you and your device;
- Ensuring the participation of Individuals in interactive functions of our services.
Data provided by an Individual
Malalan d.o.o. needs access data for:
- fulfilling contracts;
- legal interests;
- legal obligation;
- effective combating of cyber and common abuse and fraud and fulfilling contractual obligations;
- abiding by binding regulations;
- help with marketing and providing new products and services you are interested in;
- ensuring information about our products and services that might be of interest to you;
- preparing an appropriate offer.
Data provided by an Individual is needed for:
- product promotion and keeping you up to date with our activities;
- attracting new buyers for existing or new products or services;
- ensuring quality services;
- establishing a contact with a client;
- managing webpages, including troubleshooting, data analysis, testing, research, statistical and research purposes;
- making certain that the content on our webpage is presented in the most effective manner possible for you and your device;
- enabling the participation of Individuals in interactive functions of our services;
- informing about changes in our services;
- our effort to ensure safety and privacy on our webpages.
4. DURATION OF RETENTION OF PERSONAL DATA
The duration of retention of personal data depends on the basis and purpose for which it is collected. These are stated in Chapter/Article ________.
The Individual’s consent is valid:
- Until the provided consent is revoked, changed or limited;
- Until the end of a contractual relationship or until the warranty period expires; however, not more than 5 (five) years after the contractual relationship ends.
Our legal interest is valid:
- Until the end of the contractual relationship or until the warranty periods expire; however, not more than 5 (five) years after the contractual relationship ends.
- 5 (five) years after the performed access or the business relationship ends, or until interests or fundamental rights and freedoms of an Individual to which personal data refers prevail;
- When weighing the interests and rights of an Individual, reasonable expectations of Individuals in relation to Malalan d.o.o. are considered. When Malalan d.o.o. determines that the interests of an Individual prevail over the legal interests of Malalan d.o.o. for the processing of personal data, the Individual’s data is deleted or anonymised.
In accordance with the ZPPDFT-1.
Accounting records – in accordance with the ZDDV-1, ZR (invoices, delivery notes, etc.).
Data in accordance with the ZPPDFT-1: 10 (ten) years after the transaction was made or a business relationship ended.
Invoices for the supply of goods: 10 (ten) years after the year to which the invoices refer.
Invoices for real estate: 20 (twenty) years after the year to which they refer.
5. DATA PROTECTION
Malalan d.o.o. implements extensive technical, organisational, and administrative measures for the protection of your personal data from potential risks, such as unauthorised sign-in or access, unauthorised checking, and changing or distribution, as well as loss, deletion, or abuse of data.
All data you provide us with are stored on safe servers. If you have created a password, or have been assigned one, that enables you to access certain parts of the website or your profile, you are responsible for keeping this password confidential. You must not share your password with anyone.
If we determine that it is necessary to transfer personal data to a third country (outside the European Union), we will check whether that country guarantees the appropriate level of protection of rights and freedoms of individuals to which this personal data pertains.
6. DATA OUTPUT – TRANSFER TO THIRD PARTIES
Your personal data will not be transferred to third parties and will not be processed by third parties, except when that is explicitly defined by this Policy or demanded by applicable regulations.
For your order to be carried out, your data (name, surname, address, telephone number, e-mail address, and other data necessary for the execution of the service, such as bank account number for the purpose of making a payment) will be forwarded to authorised third persons with whom we have concluded a contract about the processing of personal data and who perform certain tasks connected to personal data processing bound to fulfilling your order on our behalf and in our name (e.g. the purchased goods delivery contractor, the payment system provider, etc.).
We guarantee that third persons with whom we have concluded a contract about the processing of personal data may use this data solely for the purpose for which they were provided to them (e.g. for shipment delivery, making a payment).
Data, purpose, and conditions for data output to third countries (outside the EU) are described in Point 2.1.1.
7. YOUR RIGHTS CONNECTED TO THE PERSONAL DATA WE PROCESS
You have certain rights with respect to your personal data, which are set out below:
- The right to ask for information about whether and which personal data we process;
- The right to ask for erroneous personal data to be corrected, supplemented or changed;
- Under certain circumstances, you have the right to ask for the deletion of your personal data or restriction of the processing of your personal data. The latter applies primarily to data we process based on your consent and for which we have no legal interest, legal obligation, or is not necessary for the fulfilment of contractual obligations;
- You can withdraw your consent for the processing and use of your personal data entirely or in part at any time, all with immediate effect. Withdrawal of consent thus affects the legality of data processing which was carried out based on your consent until it was withdrawn;
- The right to acquire your personal data in a structured, generally used, and machine-readable form and to forward this data to another operator;
- The right to address your questions, comments, complaints, or demands regarding this Policy or the processing of your personal data to our data protection officer;
- You also have the right to appeal to the competent supervisory authority if you believe that your rights have been violated with the processing of your personal data. The competent supervisory authority in the Republic of Slovenia is Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, e-mail: gp.ip(at)ip-rs.si, website: https://www.ip-rs.si.
If you wish to exercise any of the above-stated rights or you have questions connected to your rights and personal data protection for Malalan d.o.o., you can turn to us at the e-mail address: firstname.lastname@example.org or telephone number: +386 (0)1 421 77 40.
Mestni trg 21
Date of last revision: 1.12.2020